Filebeat with Elasticsearch 8.x - Part 1: Install and Secure

You are my hero man. I could start to work with ELK and Filebeat, very big video.

Thanks a lot.

JoseManuel-loed

Thanks for taking the time to both make this video and post it. It helped me out a ton (more so than the Elasticsearch 8.x book I am reading). My only disappointment was that it did not cover using nginx module (which is not your fault at all) as that is the module I was struggling with. Now with that said, using the information that you provided I was able to better understand not only what is going on inside of elasticsearch but also hot to ultimately fix the issue. Thanks a ton and I will be finishing out your series and keeping an eye out for any new posts

michaelmessuri

I had problems re-entering the API key so I had to revert back to username and password in the yml file, but everything else went as shown (using my data of course lol). Thank you!

pqr

Hi great video! Just wanted to confirm, Filebeat creates the dataview with the correct index pattern for you automatically upon setup right?

ziwaang

Excellent Treasure of a Video.

I have one question: I want to import a .log file which has old data from another system. When I mention the path, etc.. it still doesn't showup in discover. Any idea?

anonymoussaitama

Greetings,

First thank you, follow all your kibana and filebeat installation steps. And I have a server running collecting netflow data from my router. However I have a problem the graphics are only 30 minutes of data and they are already overwriting and I have 1.5tb of storage, how do I fix this? Do I need to make any other adjustments to use netflow? The router that sends has a traffic of 30~40Gbs

michellsilva

After setting up the user I am still not getting any data in the filebeat-* index. I checked for errors in journalctl - no errors. What could be the problem?

vanhowell

First off all....Thank you for this video. it was very helpful. I have one question. I am planning to install filebeat on multiple instances, So all instances should we have setup.dashboards.enabled: true.. and if I set to false for other instances, will it insert data to the existing dashboard. I am bit confused...Can you please help me in this

rahulsonawale-rucq

I have installed Elk with Kibana and Filebeat all logs are coming in some dashboard are working fine but I need [Filebeat System] Sudo Commands dashboard data not showing how to fix this I need sudo cmd data there

Can you help me achieve this

preet

hello,

security: server's certificate chain verification is enabled
handshake... ERROR x509: certificate signed by unknown authority

after:./ filebeat test output -c /etc/filebeat/filebeat.yml --path.data /var/lib/filebeat --path.home /usr/share/filebeat

ibnudafa

Hi again
when I execute finally the next command "./filebeat -e"
The terminal shows me the next error:
Exiting: error connecting to Kibana: fail to get the Kibana version: fail to parse kibana version (): passed version is not semver:

Can you help me?

Best regars and thanks.

Jose__Manuel

Hello.

GET _ingest/geoip/stats

{

"stats": {
"successful_downloads": 0,
"failed_downloads": 0,
"total_download_time": 0,
"databases_count": 0,
"skipped_updates": 0,
"expired_databases": 0
},
"nodes": {}
}

your solution not running for me.

ati